
TOC training OpenIDM


Outline of the OpenIDM training course

Published in: Software

OpenIDM Training, June 2017, Version 1.0

Table of Contents

Training Agenda ... 8
  Part I) OpenIDM hands-on ... 8
  Part II) Building all the different connectors ... 9
  Part III) Reconciliation ... 9
  Part IV) SQL connectors ... 11
  Part V) Rule and Role Provisioning ... 12
  Part VI) Workflow ... 12
  Part VII) Hardening – Security ... 13

1) Getting Started with OpenIDM ... 15
  1.1) Presentation ... 15
  Prerequisites ... 15
  1.2) Installing OpenIDM ... 15
  1.3) OpenIDM directory hierarchy ... 15
  1.4) Starting OpenIDM ... 16
  1.5) OpenIDM useful information ... 17
  Exercises ... 17
    Exercise 1: OpenIDM infrastructure ... 17
    Exercise 2: OpenIDM installation ... 17
    Exercise 3: Starting OpenIDM ... 18

2) Discovering the OpenIDM world ... 19
  2.1) Overview - What is OpenIDM all about? ... 19
  2.2) Managed Objects ... 19
  2.3) Connectors ... 19
  2.5) Mappings ... 20
  2.6) Accessing OpenIDM as the administrative user ... 20
    2.6.1) Dashboard ... 20
    2.6.2) Configure tab ... 21
    2.6.3) Manage tab ... 22
  2.7) Accessing OpenIDM as a normal user ... 24
  Exercises ... 25
    Exercise 1: Using the admin user ... 25
    Exercise 2: Creating a new user ... 25

3) OpenIDM Architecture ... 26
  3.1) Overview ... 26
  3.2) OpenIDM infrastructure using the OSGi framework ... 26
  3.2) OpenIDM Modules ... 27
  3.3) OpenIDM Core Services ... 27
    3.3.1) Managed Objects ... 27
    3.3.2) Object Model ... 28
    3.3.3) Mappings ... 28
    3.3.4) Synchronization and Reconciliation ... 28
    3.3.5) Workflow ... 28

4) Connector – Using an XML Connector ... 29
  4.1) Overview ... 29
  4.2) Exercise ... 29

5) Connector – Using an LDAP Connector ... 34
  5.1) Overview ... 34
    OpenDJ installation ... 34
  5.2) Bringing up the DJ LDAP connector ... 34
  5.3) Viewing the connector data ... 37
  5.4) REST command to query LDAP connector data ... 38

6) Connector – Using an SQL connector with Groovy ... 39
  6.1) Overview ... 39
  6.2) Prerequisites ... 39
    6.2.1) Maven and MySQL ... 39
    6.2.2) mysql-connector-java-5.1.41-bin.jar driver ... 39
  6.3) Exercise ... 39
    6.3.1) Connecting to the MySQL database ... 39
    6.3.2) MySQL hrdb database preparation ... 40

7) Connector – Using an AD connector ... 45
  7.1) Overview ... 45
  7.2) Prerequisites ... 45
  7.3) Testing access to the AD machine ... 45
  7.4) AD provisioning file ... 46
  7.5) Displaying AD data within the AD connector ... 46
  7.6) Other way to bring up the AD connector ... 49

8) Mapping and Reconciliation ... 50
  8.1) Overview ... 50
  8.2) Mapping - XML to Managed User ... 50
    8.2.1) sync.json file – mapping file ... 50
    8.2.2) Creating an XML to Managed User object mapping file ... 50
      Properties ... 53
      Association ... 53
      Behaviors ... 53
    8.2.3) Adding properties to the mapping ... 55
      8.2.3.1) Adding a new attribute property ... 55
      8.2.3.2) Adding a transformation script to the authzroles ... 55
      8.2.3.6) Adding a default password ... 57
  8.3) Running Reconciliation ... 57
    8.3.1) Creating a Managed User object ... 57
    8.3.2) Running "Read-Only Reconciliation" ... 58
    8.3.3) Running reconciliation using the default policy ... 60
  8.4) Creating a synchronization mapping (OpenIDM – LDAP) ... 61
    8.4.1) Overview ... 61
    8.4.1) Prerequisites ... 61
    8.4.3) OpenDJ installation and configuration ... 61
    8.4.4) Creating a mapping from IDM to LDAP ... 62
    8.4.5) Mapping attribute grid properties ... 65
    8.4.6) Adding an onCreate – situational event script ... 66
  8.5) OpenIDM – OpenDJ reconciliation ... 67
    8.5.1) Checking OpenIDM – OpenDJ reconciliation ... 67
    8.5.2) OpenIDM – OpenDJ implicit sync ... 68
  8.6) Adding some new XML users ... 68
    8.6.1) Adding 2 new users to the XML file ... 68
    8.6.2) Running the reconciliation ... 69
  8.7) Managed User - Linked System ... 71
    8.7.1) Managed Users ... 71
    8.7.2) Checking a Managed User ... 72
  8.8) Adding a description field to the Managed User object ... 74
    8.8.1) Adding the description attribute to the Managed User object ... 74
    8.8.2) Making the attribute viewable ... 75
    8.8.3) Checking the description property on the Managed User ... 76
    8.8.4) Checking the description attribute value in LDAP ... 76
  8.9) Using the CLI ... 77
    8.9.1) Running the reconciliation command from the CLI ... 77
    8.9.2) Accessing the Managed Users using the CLI ... 77

9) AD - IDM - OpenDJ ... 79
  9.1) Presentation ... 79
  9.2) Requirements ... 79
  9.3) AD provisioning connector configuration ... 80
  9.4) AD connector user data verification ... 81
  9.5) Synchronization file sync.json ... 82
  9.6) Reconciliation on the AD mapping ... 82
  9.7) Understanding reconciliation error messages ... 84
  9.8) Fixing the errors – Running reconciliation ... 85
  9.9) Propagation of AD users to LDAP ... 87
  9.10) Performing an update on an AD user – Implicit synchronization ... 88

10) OpenIDM – AD Mapping ... 90

11) Scripted SQL Connector - Reconciliation ... 91
  11.1) Overview ... 91
  11.2) MySQL environment ... 91
  11.3) MySQL database preparation ... 91
    11.3.1) Checking the MySQL database ... 91
    11.3.2) Creating the hrdb database ... 92
    11.3.3) MySQL Connector ... 92
  11.4) Scripted SQL connector creation ... 92
  11.5) Running the example ... 94
    11.5.1) Resetting the SQL database ... 94
    11.5.2) Checking data at SQL level ... 94
    11.5.3) Verifying data at SQL connector level ... 95
  11.6) Performing reconciliation ... 95
  11.7) REST API queries ... 96
    11.7.1) _queryId=query-all-ids ... 96
    11.7.2) QueryFilter – Global query ... 96
  11.8) QueryFilter – Filtering the request ... 98

12) Using the SQL Database Table connector – Running reconciliation ... 99
  12.1) Creating a contractor database ... 99
  12.2) Database Table Connector ... 100
  12.3) Creating a mapping ... 105
  12.4) Performing a REST query on the Database Table connector ... 106
  12.5) Performing reconciliation (read-only mode) ... 106
  12.6) Running reconciliation with "Default Actions" ... 109
  12.7) Adding a new attribute to the User Managed Object ... 111

13) LiveSync Process ... 115
  13.1) Overview ... 115
  13.2) Using LiveSync ... 116
    13.2.1) Configuring LiveSync ... 116
    13.2.2) Enabling auto-sync on the MySQL database ... 118
    13.2.3) Modification of an SQL attribute ... 118
    13.2.4) LiveSync configuration on OpenIDM using the Admin UI ... 119
    13.2.5) Querying LiveSync on OpenIDM using a REST API call ... 119
    13.2.6) Displaying LiveSync information on OpenIDM ... 120
    13.2.6) Enabling LiveSync on OpenIDM using the REST API ... 120
    13.2.7) Verifying that LiveSync is enabled ... 121
    13.2.8) LiveSync in action ... 121
  13.3) Using the scheduler to run LiveSync ... 123
    13.3.1) LiveSync scheduler file ... 123
    13.3.2) Example of a LiveSync update ... 124
  13.4) Checking log files upon LiveSync ... 125
  13.5) Using LiveSync with OpenDJ ... 126
    4.3.1. Setting up OpenDJ ... 126

14) Custom endpoint ... 127
  14.1) Overview ... 127
  14.2) OpenIDM instance ... 127
  14.3) Construction of the custom endpoint ... 128
    14.3.1) curl custom query ... 128
    14.3.2) Providing a test script ... 128
    14.3.3) Endpoint registration verification – cli.sh validate ... 129
    14.3.4) Testing the custom endpoint URL ... 129

15) Rule Provisioning ... 131
  15.1) Overview ... 131
  15.2) OpenIDM instance ... 131
  15.3) Adding new attributes to the Managed User schema ... 132
  15.4) Adding a transformation script ... 133
    15.4.1) Adding a new custom grid attribute ... 133
    15.4.2) Adding the transformation script ... 135
  15.5) Reconciliation – user provisioning ... 138

16) Roles and assignments ... 140
  16.1) Overview ... 140
  16.2) Roles in more detail ... 140
  16.3) Assignments in more detail ... 141
  16.4) Use case example ... 143
    16.4.1) LDAP ICF connector password ... 143
    16.4.2) Requirements ... 144
    16.4.3) Running reconciliation ... 145
  16.5) Assignment creation (EmployeeType) ... 145
  16.6) Definition of a role (Employee role) ... 146
  16.7) Adding an assignment to the Employee role ... 147
  16.8) Adding a user to a role ... 147
    16.8.1) Getting the _id value of bjensen ... 147
    16.8.2) Assigning the role to bjensen ... 148
    16.8.3) Display of the managed user object bjensen ... 148
  16.9) LDAP provisioning ... 149
  16.10) Adding new assignment attributes (Employee assignment) ... 150
  16.11) Adding a new managed user to the Employee role ... 152
  16.12) Removing a role from a user ... 154
    16.12.1) Getting the _id ... 154
    16.12.2) Removing the role from bjensen ... 155
    16.12.3) Verification ... 155

17) Sample Provisioning Workflow ... 157
  17.1) Presentation ... 157
  17.1) Starting the workflow example ... 157
  17.2) Configuring the FakeSMTP email server ... 157
  17.3) Configuring OpenIDM email settings ... 157
  17.4) Running reconciliation for users and roles ... 158
    17.4.1) Reconciling roles ... 158
    17.4.2) Reconciling users (managers first) ... 158
    17.4.3) Reconciling users (employees) ... 159
  17.5) Viewing the newly created data ... 160
  17.6) Checking the workflow process definition ... 161
  17.7) Initiating the workflow process ... 162
  17.8) Observing the administrative tasks and workflow created ... 163
    17.8.1) Task assignment ... 163
    17.8.2) Observing workflow tasks ... 163
    17.8.3) Observing the workflow process ... 164
  17.9) Workflow approval task ... 165
  17.9) User1 notification dashboard ... 165
  17.10) Workflow approval – Authorization roles ... 167
  17.11) Difference between a provisioning role and an authorization role ... 168
  17.12) Some important files (conf directory) ... 169
    sync.json ... 169
    workflow.json ... 169
    process-access.json ... 170

18) Workflow – Running a workflow from the reconciliation process ... 171
  18.1) Presentation ... 171
  18.2) Starting OpenIDM with samples/sample9 ... 171
  18.3) Contractor onboarding process ... 171
  18.4) Running reconciliation ... 171
  18.4) Examining active workflows ... 172
  18.5) Checking the MyTask user list (using the admin CLI) ... 173
  18.6) Performing the approval process using the CLI ... 174
  18.7) Checking user provisioning ... 174
  18.8) Some specific points to be noticed ... 175

19) Activiti Designer ... 176
  19.1) Overview ... 176
  19.2) Installing the Activiti Designer plugin into Eclipse ... 176
  19.3) Creating a simple project workflow ... 176
  19.4) Using the palette (first steps) ... 176
  19.5) Producing a BAR file ... 177
  19.6) Testing the new workflow in OpenIDM ... 177

20) Hardening for Production ... 178
  20.1) Using an SQL database ... 178
  20.2) Running the health monitoring check ... 180
  20.3) Starting OpenIDM as a background process ... 180
    20.3.1) Starting OpenIDM as a background process on the command line ... 180
    20.3.2) Using create-openidm-rc.sh ... 180
  20.4) Security ... 180
    20.4.1) OpenIDM keystore ... 181
    20.4.2) conf/boot/boot.properties file ... 181
  20.5) Performing regular backups ... 183
  20.6) Additional security measures ... 183

Annex 1 – SMTP client configuration ... 184
Annex 2 – Useful REST calls ... 186
Annex 3 – Installing OpenDJ ... 187
Annex 4 – How to deploy Windows 2012 AD on VirtualBox ... 191
Annex 5 – AD connector: differences with the template provisioning file ... 193
Annex 6 – References ... 194
Annex 7 – Building Scripted SQL Connector file examples ... 195
  Overview ... 195
  Building the samples/sample3 connector ... 195
  Adding the Groovy connector to your own internal Maven repository ... 195
  Compiling successfully ... 196
Annex 8 – Requirements ... 198
  Software ... 198
  Hardware ... 198
Pointers ... 199
